classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory


Protection from ransomware
February 2017, Cyber Security, IT infrastructure

If you’ve been listening to the news in the past few months, you have undoubtedly heard of a number of companies being affected by ransomware. The recent surge in this form of cyber attack has many organisations and users understandably concerned. And you should be too.

Ransomware is nasty stuff. However, with some careful preparation, you can significantly lower your risk of being infected, and reduce the impact on you or your organisation should you be hit.

Paul Williams, country manager – SADC at Fortinet.
Paul Williams, country manager – SADC at Fortinet.

Ransomware is a form of malware that infects devices, networks and data centres, encrypting critical files and prevents them from being used until the user or organisation pays a ransom to have the system unlocked. Ransomware has been around since at least 1989, when the ‘PC Cyborg’ trojan encrypted file names on a hard drive and insisted users pay $189 to have them unlocked. In the interim, ransomware attacks have become increasingly sophisticated, targeted, and lucrative.

The impact of ransomware is difficult to calculate, since many organisations opt to simply pay to have their files unlocked – an approach that doesn’t always work. However, a report on the Cryptowall v3 ransomware campaign, issued in October of 2015 by the Cyber Threat Alliance, estimated that the cost of that attack was US$ 325 million.

Ransomware generally works in one of several ways. Crypto Ransomware can infect an operating system so that a device is unable to boot. Other ransomware will encrypt a drive or a set of files or file names. Some malicious versions have a timer and begin deleting files until a ransom has been paid. All demand that a ransom be paid in order to unlock or release the blocked or encrypted system, files, or data.

What do I do to stop it?

Here are 10 things you need to do to protect yourself and your organisation from the effects of ransomware.

1. Develop a backup and recovery plan. Back up your systems regularly, and store that backup offline on a separate device.

2. Use professional email and web security tools that analyse email attachments, websites, and files for malware, and can block potentially compromised advertisements and social media sites that have no business relevance. These tools should include sandbox functionality, so that new or unrecognised files can be executed and analysed in a safe environment.

3. Keep your operating systems, devices, and software patched and updated.

4. Make sure that your device and network antivirus, IPS, and antimalware tools are running the latest updates.

5. Where possible, use application white listing, which prevents unauthorised applications from being downloaded or run.

6. Segment your network into security zones, so that an infection in one area cannot easily spread to another.

7. Establish and enforce permission and privilege, so that the fewest number of users have the potential to infect business-critical applications, data, or services.

8. Establish and enforce a BYOD security policy which can inspect and block devices which do not meet your standards for security (no client or anti-malware installed, antivirus files are out of date, operating systems need critical patches, etc.).

9. Deploy forensic analysis tools so that after an attack you can identify:

a) Where the infection came from,

b) How long it has been in your environment,

c) That you have removed all of it from every device, and

d) That you can ensure it doesn’t come back.

10. This is critical: Do not count on your employees to keep you safe. While it is still important to increase your user-awareness training so employees are taught to not download files, click on email attachments, or follow unsolicited web links in emails, human beings are the most vulnerable link in your security chain, and you need to plan around them.

Here’s why: For many of your employees, clicking on attachments and searching the Internet is part of their job. It is difficult to maintain the appropriate level of scepticism. Second, phishing attacks have become very convincing. A targeted phishing attack uses things like online data and social media profiles to customise an approach. Third, it is simply human nature to click on an unexpected invoice or critical message from your bank. And finally, in survey after survey, users feel that security is someone else’s job, not theirs.

What if I get infected?

I hope that you have a recent backup and you can wipe your device and reload it with an uninfected version. Here are some other things you need to do:

1. Report the crime.

2. Paying the ransom is no guarantee.

3. Contact experts.

4. Have a Plan B.


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Trusted Platform Module explained
    May 2017, Bosch Security Systems, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security
    Bosch IP cameras, encoders and selected storage systems have an onboard security chip – actually a system-on-a-chip called the Trusted Platform Module – that provides functionality similar to crypto smartcards.
  • Procore Trading
    Securex 2017 preview, Cyber Security
    Procore Trading’s Intimus 9000 Degausser uses most modern APT technology to erase information from hard drives. The Intimus 9000 produces an erasing field many times stronger than those produced by the ...
  • Hikvision launches Blazer Pro
    May 2017, Hikvision South Africa, CCTV, Surveillance & Remote Monitoring, IT infrastructure, Products
    Hikvision has launched Blazer Pro, an all-in-one high-end server solution designed to meet the needs of medium to large camera count, mission-critical surveillance network projects.
  • Fit-for-purpose solar cables
    May 2017, Helukabel SA, Products, IT infrastructure
    Helukabel’s Solarflex-X PV1-F solution for the solar industry is able to withstand the harsh environments of solar plants exceeds TÜV, CE, Rohs and VDE quality certifications to ensure longevity.
  • Security skills shortage?
    May 2017, Galix Networking, Cyber Security
    We’re currently faced with a global information security skills crisis with an expected deficit of 1.5 million people within five years.
  • Niall Beazley looks at some of the issues end users should consider when deciding on surveillance solutions: you get what you pay for.
    May 2017, Vision Catcher, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions
    Niall Beazley looks at some of the issues end users should consider when deciding on surveillance solutions: you get what you pay for.
  • Network cameras can improve smart city living
    May 2017, Axis Communications SA, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure
    It is time to think outside the traditional security box and find new application areas where network cameras have the potential to make a significant difference to the quality of urban living.
  • IoT running wild compromises security
    May 2017, Genetec, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security
    Constant connectivity and the rapid flow of information may offer new and convenient ways to do business and create value, but it also places the corporate network at significant risk.
  • Are you afraid of the dark (net)?
    May 2017, J2 Software, This Week's Editor's Pick, Cyber Security
    Given the recent global malware attacks, you should be, argues John McLoughlin, MD, J2 Software. Worst of all, you are probably not aware you have been hacked.
  • Accelerating the community theme
    May 2017, Milestone Systems, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security, News
    Milestone Community Days EMEA (MIPS) in Dubai highlighted the company’s platform strategy, connected products for the small and medium-sized businesses and higher performing software.
  • Securing your security
    April 2017, Technews Publishing, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions, IT infrastructure
    The digital age has not only seen the security industry migrate to IP, but is now forcing it to be aware of the latest cyber security risks.
  • Wireless works for CCTV
    April 2017, MiRO Distribution, RADWIN, CCTV, Surveillance & Remote Monitoring, Cyber Security
    Wireless networking is a reasonable choice for surveillance, as long as one uses the right technology and plans correctly.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.